Archive for the 'Security Vulnerability' Category

An ICANN working group recently released a report entitled, “New gTLD Program Reviews and Assessments Draft Work Plan,” which outlines the work required to initiate a ‘second-round’ application period for the New gTLD Program. The report reveals that so far in round one, “…404 new gTLDs have been delegated. A total of 1,168 applicants have been invited to contracting. Of those applications in string contention sets, 49% remain subject to contention resolution procedures, forecast to be completed by the third quarter of 2016.” ICANN estimates that contracting will wrap up some time in late 2016 and pre-delegation testing by the middle of 2017.

ICANN’s current timeline for a second-round roll-out indicates that the first application period for new gTLDs would begin sometime in mid-2018, but this can only happen if every scheduled milestone is met along the way. Before a second round would even be considered, ICANN would need to validate new gTLDs and related processes, and promote competition, consumer trust, and consumer choice.

New gTLD ‘.organic’ launched in August and is now in General Availability. Domains are registered first come, first served. The .organic extension is expected to do extremely well in terms of registration numbers, so if you’re interested in securing a .organic domain name, the sooner the better.

Google recently released some interesting news. As part of their effort to promote improved online security, they announced that ‘HTTPS’ sites (meaning sites that have added an SSL 2048-bit key certificate) will see a rank increase. While ‘high-quality content’ is still the best way to rank high, competition is vast and stiff, so every little bit helps. Google says that currently the ‘SSL’ benefit is a “very lightweight signal,” but they “may decide to strengthen” the signal to incentivize business/site owners to switch from HTTP to HTTPS, because this small change will help keep businesses safe online.

There are a number of benefits associated with leveraging SSL certificates for your website, not the least of which is that they can help increase SEO rankings, which means more web traffic, more opportunities, and increased revenue. But will going ‘HTTPS’ impact your SEO efforts—should you be concerned? Not so much. Google has claimed for years that going ‘HTTPS’ is not a major issue for SEO. That’s not to say you can make this switch and everything will fall into place on its own. You will need to follow protocol and take the appropriate steps to ensure that your site traffic doesn’t suffer. For example, be sure to let Google know that you’ve moved your site from HTTP to HTTPS. Google says it will provide more documentation going forward, but until then, here are a few tips:

Decide what kind of certificate you need for your business/site (single, multi-domain, or wildcard)

Use 2048-bit key certificates

Use relative URLs for resources that reside on the same secure domain

Use protocol-relative URLs for all other domains

Check out Google’s site move article for more guidelines on how to change your site’s address
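The two URL tips above can be checked mechanically before a move to HTTPS. The following is an added example, not code from Safenames or Google; the host names `www.example.com` and `cdn.example.net` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that loads a resource.
RESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                  "link": "href", "source": "src", "video": "src", "audio": "src"}


class ResourceAudit(HTMLParser):
    """Collect resource URLs that repeat the site's own host or pin 'http:'."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (tag, url, advice)

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host:
            return  # already relative, e.g. /css/site.css or img/logo.png
        if host == self.site_host:
            self.findings.append((tag, url, "same domain: use a relative URL"))
        elif parts.scheme == "http":
            self.findings.append((tag, url, "other domain: use a protocol-relative URL"))


def audit(html, site_host):
    parser = ResourceAudit(site_host)
    parser.feed(html)
    return parser.findings


# Constructed sample page; www.example.com stands in for the migrated site.
SAMPLE = """
<link rel="stylesheet" href="http://www.example.com/css/site.css">
<script src="http://cdn.example.net/lib.js"></script>
<img src="/img/logo.png">
<script src="//cdn.example.net/other.js"></script>
<img src="https://www.example.com/img/banner.png">
"""

if __name__ == "__main__":
    for tag, url, advice in audit(SAMPLE, "www.example.com"):
        print(f"<{tag}> {url} -> {advice}")
```

Resources flagged as "other domain" are the ones a browser would treat as mixed content once the page itself is served over HTTPS.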

Donuts has launched TM Sunrise for a number of New gTLDs. The TM Sunrise period is specifically for trademark holders to register domains that are the exact match (e.g., trademarkname.TLD) to the existing corresponding trademark(s). If you want to protect your brand(s) within specific markets, registering additional domains (specifically new gTLDs) is the best way to optimize your naming strategy.

TM Sunrise for .furniture, .discount, .fitness, and .schule :: Now open through August 16, 2014

TM Sunrise for .gratis, .claims, .credit, and .creditcard :: Now open through August 23, 2014

TM Sunrise for .digital, .accountants, .finance, and .insure :: Now open through August 27, 2014

TM Sunrise for .loans, .life, .guide, and .church :: Now open through September 6, 2014

TM Sunrise for .direct and .place :: Now open through September 13, 2014

TM Sunrise for .deals :: Now open through September 20, 2014

TM Sunrise for .city :: Now open through September 27, 2014

It’s important to note that only trademark holders who have received a valid signed mark data (SMD) file issued by the Trademark Clearinghouse (TMCH) may apply for an exact match domain name during the Sunrise period for any new gTLD(s). If you have any questions about the launch of these or any other new Donuts gTLDs, please contact your Safenames account manager. You may also contact us in the UK at +44 1908 200022 (emeasales@safenames.net) or in the US at +1 703 574 5313 (nasales@safenames.net).

A serious security vulnerability (“The Heartbleed Bug”) was recently discovered within OpenSSL, the software that some servers use to generate CSRs for SSL Certificates (note: CSRs generated on Windows IIS were not affected by this bug). This vulnerability existed for more than two years before it was identified and isolated, and it was fairly easy to exploit, allowing attackers to steal information that was, under normal circumstances, protected by the SSL/TLS encryption used to secure the exchange of data on the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM), and some virtual private networks (VPNs).

The Heartbleed bug allowed anyone on the Internet to read the memory of the systems that are ‘protected’ by a vulnerable version of the OpenSSL software. Essentially, this means that attackers were, and may still be, able to view and capture communications across networks, steal data (user names, passwords, credit card information, etc.) and impersonate services and users.

Although Safenames was not impacted, when we learned of this security bug we immediately took a specific set of actions to address the vulnerability, including installing new SSL certificates with CSRs that were generated on the updated OpenSSL software. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system was, and until upgraded still is, vulnerable, and we suggest that you upgrade as soon as possible.
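To find which of your own systems fall in the affected range stated above, the output of `openssl version` from each host can be triaged in bulk. This is an added example, not Safenames' tooling; the inventory format and host names are constructed.

```python
import re

# Affected range as stated above: OpenSSL 1.0.1 through 1.0.1f.
BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def classify(banner):
    """Return 'affected', 'not-affected' or 'unknown' for one version banner."""
    m = BANNER.search(banner)
    if not m:
        return "unknown"  # not an OpenSSL banner; needs a manual look
    series = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4)
    if series != (1, 0, 1):
        return "not-affected"  # outside the 1.0.1 series
    # '' is the initial 1.0.1 release; letters a to f complete the stated range.
    return "affected" if letter <= "f" else "not-affected"


def triage(inventory):
    """inventory: one '<host> <output of openssl version>' entry per line."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, banner = line.partition(" ")
        report[host] = classify(banner)
    return report


# Constructed inventory; host names are placeholders.
INVENTORY = """
web01 OpenSSL 1.0.1e 11 Feb 2013
web02 OpenSSL 1.0.1g 7 Apr 2014
mail01 OpenSSL 0.9.8y 5 Feb 2013
vpn01 OpenSSL 1.0.1 14 Mar 2012
legacy01 LibreSSL 2.0.0
"""

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A distribution package can carry a backported fix while still reporting an upstream version inside the range, so treat "affected" as a prompt to check the vendor's package changelog rather than as a final verdict.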

What else can you do to protect yourself? If you have not already done so, it is highly recommended that you change your passwords for sensitive accounts (banks, email, Facebook, etc.). Also, don’t hesitate to reach out to small businesses that may have your data to ensure that they are secure. Larger organizations most certainly know about Heartbleed and have addressed this issue, but some small businesses may not—in situations like this it’s much better to be safe than sorry. Keep a close eye on financial statements for the next few weeks or months. Why? Because attackers often have access to a server’s memory for credit card information even after a vulnerability has been mitigated or addressed.